|
|
Log in / Subscribe / Register

Mailpile's first beta release

By Nathan Willis
September 24, 2014

The Mailpile project made quite a news splash in 2013, capitalizing on public anger over the government Internet surveillance disclosed by Edward Snowden, and launching a successful Indiegogo campaign to fund development. What Mailpile promised was a simple-to-use webmail experience that users could self host: all the convenience of GMail, but none of the ads, user-tracking, or spying eyes. Now, the project has announced its first beta release. The good news is that the fundamental email features are in place. The security and privacy features are also nearing completion—although, naturally, users should be wary of over-reliance on pre-release software for such matters.

Piling on

The beta was announced on September 13, with pre-built packages made available for Windows and Mac OS X, and a tagged release on GitHub available for Linux. The tag, interestingly enough, designates the release as version 0.4.0, although there does not appear to be a detailed roadmap between here and an eventual 1.0 release, which the release notes estimate will arrive in December.

[Mailpile inbox]

The release includes a guided set-up process, but those interested in only taking a peek may prefer to check out the live demo running at www.mailpile.is/demos (for the curious, the screen shots shown here come from the live demo, rather than from the author's personal email). Installing the Mailpile beta locally requires OpenSSL, GnuPG, Python 2, and a handful of common Python libraries, but no external web server is required. Launching Mailpile opens the user interface running at http://localhost:33411.

We last looked at Mailpile just over a year ago, shortly after the project's public debut. At that time, the team—Bjarni Einarsson, Smári McCarthy, and Brennan Novak—pitched Mailpile as "personal web-mail." That is, an application that offered the ease-of-use (both within the interface and on administrative tasks) that contributes to the wide popularity of webmail services like GMail, but is private, decentralized, and offers security that a commercial service cannot match.

The original brief for Mailpile also specifies that the application will be implemented in HTML and JavaScript, running from a local web server, where it can remain under the user's control. Nevertheless, Mailpile itself does not handle the more security-sensitive tasks of sending and receiving mail: it requires either a separate mail server running on the local machine, or a POP/IMAP account on a remote host. At this point, the beta is quite simple to set up and get started with (at least when used with a remote email server).

It remains to be seen, though, whether or not the same degree of smoothness can be extended to include setting up local mail receipt and delivery. Considering Mailpile's public focus on the importance of user security and privacy, it is a bit odd to see its continued reliance on remote mail servers.

Usability

But, considering how complex some of the steps involved could be, Mailpile's guided setup and configuration process is remarkably smooth. During initial setup, users are asked to create an encryption key and passphrase that will be used to protect storage (but is not, for example, used for signing outgoing messages or decrypting incoming ones), and similar walk-throughs step through the process of setting up SMTP, POP, and IMAP configurations (which are, perhaps confusingly, called "routes" in the interface).

[Mailpile message reply]

The user interface, on the whole, is definitely an improvement over the default UIs found in other common free-software webmail packages (such as SquirrelMail or RoundCube). The icons used are more-or-less self-explanatory and all of the buttons one would require during everyday use are both easy to reach and located close to where they are needed.

That said, there are some aspects of the UI that feel awkward. Icons and functional "action" links vary wildly in size. The "trash" button in the composer window, for instance, is 14 pixels tall, while the "reply" button is 40 pixels tall. Perhaps there is a case to made for varying the size of buttons considerably, but it feels more like a lack of design unity than a conscious choice. Similar inconsistencies are found in color, alignment of UI elements, and whether icons are labeled with text. There are other spots where functionality is simply missing. For instance, when an email thread is opened, every message is shown in collapsed form (with only the first line readable). Clicking on the message expands it, but there seems to be no way to collapse it again.

But, from an interface perspective, the most interesting choices are the conscious decisions, such as Mailpile's decision to eschew "folders" for a single "tag" namespace. An arbitrary decision, some might say, but one that integrates well with the project's emphasis on search as the main method for interacting with a message archive. GMail also took this approach at the beginning, but over the years it strayed away from it with "Priority Inbox," "Important/Not Important," "Categories," multiple flavors of "stars," and other such features that provide different avenues through which to wrangle a busy email account.

Only time will tell whether Mailpile can succeed without also complicating its simple model. Already, the sidebar that lists a user's tags also includes a set of special tags that show all file attachments, all photos (which are also shown by the general "attachments" tag), and all hyperlinks. The last category in particular could become a lengthy list indeed, especially if one subscribes to mailing lists or corresponds with online merchants who liberally sprinkle links into their missives.

Features

Sending and receiving messages works in the beta release, as do attachments, tagging, spam filtering, and basic OpenPGP usage. There is some functionality missing, such as HTML-message formatting, and the release notes point out several hiccups—in particular, when using IMAP (which is still missing several key features, such as synchronization) and when working with attachments other than images. Clicking on any of the "settings" options raises an error, at least on the demo.

Unfortunately, several of the known issues in this beta release relate directly to Mailpile's key feature: end-user security. Basic PGP signing and encryption is supposed to work (although there is an issue when dealing with non-ASCII characters in key IDs), but PGP/MIME support is currently broken. More troublingly, outgoing TLS connections neither validate certificates nor specify strong cipher choices. The automatic PGP-key-lookup function in the contact-editing screen seemed to hang indefinitely in my tests.

But not all is darkness on the security front, according to the project. The team has published a detailed security roadmap staking out its long-term goals and outlining how it intends to reach them. There are some creative and ambitious targets on the list.

[Mailpile key management]

For instance, the user interface can display Gravatar images for remote contacts. The plan is to send HTTP queries for Gravatar images over the Tor anonymizing network in order to guard against snooping. Tor is also planned to be used for masking search engine requests, PGP key lookup, and fetching HTML mail resources. Other goals include support for the Dark Mail protocol, whenever it sees the light of day, and automatic lossless conversion of attachments to "safe" data formats (although the examples listed, such as PDF-to-PostScript, are not explained in detail).

Perhaps the most ambitious security goals, however, are those that come late in the list, such as "implementing a user interface which helps the user avoid making common mistakes" and enabling access from remote locations—including mobile devices. So far, the Mailpile team has done a good job of building a slick webmail-like user interface; building a slick and foolproof PGP interface is at least a different challenge—and likely a harder one, too.

The most practical challenge, however, will be seeing how much of this work the team is able to do by the scheduled 1.0 release date in December. That date, unfortunately, is not merely some arbitrary selection. The project has been operating for the past year using the funds it raised from its crowdsourcing campaign, and the beta announcement estimates that three or four months' worth of money remains. Then again, if the beta proves popular and if the project can show enough progress on the security front prior to running out of cash, that could easily be enough to motivate another successful round of fundraising from Mailpile users.

to post comments

Mailpile's first beta release

Posted Sep 27, 2014 23:42 UTC (Sat) by Baylink (guest, #755) [Link] (2 responses)

I do so enjoy the "you don't need folders; you can search for everything" argument.

Alas, you *often* don't remember exactly what you're searching for, and you fairly frequently want to group messages by *things which aren't in the message text at all*.

The time to decide how to classify messages is *while you're reading them*.

Full-text search is wonderful. It is *not* a replacement for manual foldering, by any possible stretch of the imagination.

Mailpile's first beta release

Posted Sep 28, 2014 0:05 UTC (Sun) by Jandar (subscriber, #85683) [Link]

> The time to decide how to classify messages is *while you're reading them*.

Maybe than it's a time to optionally reclassify. I want my e-mail classified before reading, so that I can select easily the type of message I'm willing to read at that time.

Mailpile's first beta release

Posted Oct 1, 2014 19:30 UTC (Wed) by robbe (guest, #16131) [Link]

I think the idea is that you give a mail one or more tags (often while you're reading it). These tags are your primary search targets, not the message content.

Of course folders can be trivially mapped to tags. The user interface may even use the same gestures for tagging as was used for associating with a folder (drag the mail onto a tag). Although I think the name tag would suggest the reverse action (drag tags onto the mail). Both possibilities could be implemented in the same UI.

(Unfortunately, not everyone gets tagging right. Software I use daily has drunk the tagging kool-aid, but does it very clumsily.)

Mailpile's first beta release

Posted Oct 2, 2014 15:58 UTC (Thu) by ajmacleod (guest, #1729) [Link] (1 responses)

I don't really get the point of this. You need an external mail server to use it... so why not just use a proper mail client to access that server?

I do understand the desire to host one's own email - in which case, Citadel is a very nice example of an all-in-one solution which is trivially easy to install and configure and provides both the mail server and webmail interface, ready to go.

Mailpile's first beta release

Posted Oct 6, 2014 14:46 UTC (Mon) by pboddie (guest, #50784) [Link]

I think that one of the motivations was to make a "nice" webmail interface, where the developers regard Gmail as "nice". I've only briefly used Gmail in a work context and found it horrible, but each to their own. I haven't used Citadel's webmail, but I've used Roundcube and thought it to be reasonable enough for webmail.

It is telling that the development of a webmail client was seen as the best path to delivering a "nice" client. One might have suggested enhancing one of the existing "proper" clients (Thunderbird, KMail, Evolution, Claws), but I imagine that each of these is regarded as having so much baggage that doing something from scratch (and even doing so on the Web) is seen as being much more appealing.


Copyright © 2014, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds